About Author
Jericho Forum

The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.



'Firesheep' tells us that web security is broken

Web developers insist on doing it their way...


Eric Butler's Firesheep plugin has been causing a stir, as it makes it extremely simple to hijack other people's web accounts.

Once you have installed the plug-in into Firefox, you can see the unprotected websites that other people access over the network you are connected to, whether through WiFi or shared network cable. You just click to gain access to their private pages.

I would not wish to encourage illegal wiretapping, but this demonstrates the illusion of security that websites have forced on their users for years. When the Jericho Forum Commandments were written several years ago, we said:

Surviving in a Hostile World
4. Devices and applications must communicate using open, secure protocols.

Security through obscurity is a flawed assumption - secure protocols demand open peer review to provide robust assessment and thus wide acceptance and use. Let's use this new awareness from Firesheep to pressure websites to provide adequate protection for their users. And maybe Defcon's "Wall of Sheep" will at long last come tumbling down.

Andrew Yeomans, Jericho Forum Board member
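
For site owners who want to check whether they are one of the "unprotected websites" described above, here is an added example (not part of the original article) that audits response headers for the exposure Firesheep relies on: session cookies that travel over unencrypted HTTP. It assumes the session is carried in a cookie; the URLs, cookie names and header values are constructed samples, and `audit_response` is a hypothetical helper.

```python
# Added example: flag responses whose session cookies can cross the network in clear text.
# All sample responses are constructed; hostnames use the reserved .example TLD.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value) pairs
    because Set-Cookie may appear more than once."""
    findings = []
    https = url.lower().startswith("https://")
    if not https:
        findings.append("page served over plain HTTP")
    header_names = [n.lower() for n, _ in headers]
    # Without HSTS a browser may still make a first request over HTTP.
    if https and "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security header")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        # A cookie without Secure is also attached to plain-HTTP requests.
        if "secure" not in attrs:
            findings.append(f"cookie {cookie!r} lacks Secure")
    return findings

SAMPLES = {  # constructed responses
    "http://shop.example/account": [("Set-Cookie", "session=abc123; Path=/")],
    # Login over HTTPS, but the cookie leaks on any later HTTP request.
    "https://mail.example/inbox": [("Set-Cookie", "sid=xyz789; Path=/; HttpOnly")],
    "https://bank.example/": [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "sid=q1w2e3; Path=/; Secure; HttpOnly"),
    ],
}

def run_audit():
    """Audit every constructed sample and return {url: findings}."""
    return {url: audit_response(url, hdrs) for url, hdrs in SAMPLES.items()}

if __name__ == "__main__":
    for url, findings in run_audit().items():
        print(url, "->", findings or "ok")
```

The second sample is the common case: HTTPS is used for sign-in, yet the session cookie is still sent whenever the browser makes a plain-HTTP request to the same site.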

